Hi guys

i would like to be able to remotely connect to my cisco lab at work. i have
a cable modem, a smc router, 1 1841 router, 1 2620xm router, 1 2950 switch and a 2960 switch.....

does anyone know how this would get done? i would imagine i would
have to configure NAT/DHCP on one of my routers.....

I do this, but i use RDP to get on my PC which is connected into my home lab via a console to a Cisco 2511 terminal server. I have a static IP on my PC from my home router and allow port 3389 through. I did have an ASA and i was using an IPsec VPN at one point. But had togive the ASA baclk to work.

All depends on your ISP, how many IP you get and are they static/dynamic etc.

HTH.

i would like to be able to remotely connect to my cisco lab at work. i have a cable modem, a smc router, 1 1841 router, 1 2620xm router, 1 2950 switch and a 2960 switch.....

does anyone know how this would get done? i would imagine i would
have to configure NAT/DHCP on one of my routers.....

Hello,
I use a router from AVM called Fritz!Box for the DSL connection at home. I setup a dyndns.org address so I can connect to the router with a name and doesn't need to know the IP address.

For the connection to my home LAN I can use my laptop with a VPN client. The other way is to configure port forwarding on the router. With this I can ssh to the dyndns.org address and a port and that connection is forwarded to the ssh port of a linux box.

One idea is to use a Cisco router as VPN server. The VPN server on the AVM router has its limits, one problem is that I can't specify the DNS server for the VPN connection. With a Cisco router behind the AVM router I would switch off the VPN server on the AVM router and setup port forwarding to the VPN ports to the Cisco router.

HTH!
Bye, Tore

trying to configure port forwarding on my smc router. appearantly openvpn uses port 1194 on both UDP and TCP but when configuring the smc router i get an "illegal port" error message. maybe i should update the routers firmware but i heard that smc routers are terrible for that kind of a configuration.....

i think i almost got it but its just my cheap smc router wont allow me to configure that port for forwarding.....

maybe i can explore the option of using one of my routers as a vpn server.....

trying to configure port forwarding on my smc router. appearantly openvpn uses port 1194 on both UDP and TCP but when configuring the smc router i get an "illegal port" error message. maybe i should update the routers firmware but i heard that smc routers are terrible for that kind of a configuration.....

i think i almost got it but its just my cheap smc router wont allow me to configure that port for forwarding.....

maybe i can explore the option of using one of my routers as a vpn server.....

Hello,
don't mix VPN and port forwarding. With VPN you need a server (your router is this case) and a client with a VPN client software on it. With port forwarding (for telnet or ssh) you just need to now the IP address of your router and the port number that is forwarded to a telnet or ssh of a device in your local lan.

If you don't want to use the VPN service of your router you have to switch this service off first, off course. And than forward the ports to a VPN server in you local lan.

HTH!
Bye, Tore

Hello,
don't mix VPN and port forwarding. With VPN you need a server (your router is this case) and a client with a VPN client software on it. With port forwarding (for telnet or ssh) you just need to now the IP address of your router and the port number that is forwarded to a telnet or ssh of a device in your local lan.

If you don't want to use the VPN service of your router you have to switch this service off first, off course. And than forward the ports to a VPN server in you local lan. ok i'll try a few more things then let everyone know.... this is fun lol

HTH!
Bye, Tore


ok ok i see..... yeah i just want to be able to telnet/ssh from my blackberry or another computer into my cisco routers..... thanks crissa i was confusing the two.....

ok ok i see..... yeah i just want to be able to telnet/ssh from my blackberry or another computer into my cisco routers..... thanks crissa i was confusing the two.....

Hello,
for a simple ssh a portforwarding is all you need. Don't use telnet outside your local lan, remember that telnet is clear text.

Did you already found an ssh client for your Blackberry?
Bye, Tore

yeah i found one called midpssh, its a free download for the BB devices. people say it works pretty good. my ios doesnt support ssh. when i type tranport input ? it shows telnet but not ssh. i'll have to get a different ios.

my ios version:

Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(11)XJ, RELEASE SOFTWARE (fc1)

i setup port forwarding on my smc to my router interface, i can ping my smc router from my cisco router internally, had my carrier give me a public ip address, but still can not connect... i'm going to try a few more things this week......

yeah i found one called midpssh, its a free download for the BB devices. people say it works pretty good. my ios doesnt support ssh. when i type tranport input ? it shows telnet but not ssh. i'll have to get a different ios.

my ios version:

Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(11)XJ, RELEASE SOFTWARE (fc1)

i setup port forwarding on my smc to my router interface, i can ping my smc router from my cisco router internally, had my carrier give me a public ip address, but still can not connect... i'm going to try a few more things this week......

Hello,
I prefer the IOS filename, it is easier to check the IOS filename with the Cisco Feature Navigator (<http://www.cisco.com/go/cfn/>). I think you are using c1841-ipbasek9-mz.124-11.XJ.bin. This IOS supports ssh!

On my 3640 routers I used the following commands to setup ssh:

# copy tftp://192.168.1.88/init_ssh_3640.cfg run
ip domain-name arbzim.bogus
crypto key generate rsa general-keys modulus 1024
line vty 0 15
login local
transport input ssh telnet
username cisco password cisco
end
HTH!
Bye, Tore

hmm i'll check my ios version fully when i go back home tonight......

but the setup itself is correct, no? i setup port forwarding on my smc router to forward requests on port 23 (i'll setup ssh on my cisco router later on) to my cisco router which has the ip address 192.168.0.2....

i have a public ip address for my BB.... hmmmmmm i'll try a few more things.. i've read that some others have had problems with certain software versions on their blackberries...... i'll try my older device.....

still having a few slight problems....

here is my access-list that i configured:

urrent configuration : 1650 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1841T
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$nSlQ$lNuKcynRCwx/EdcyUb9xy.
!
!
!
username ian privilege 15 password 7
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface FastEthernet0/0
ip address 192.168.3.2 255.255.255.0
speed auto
full-duplex
!
interface FastEthernet0/1
ip address 192.168.0.2 255.255.255.0
ip access-group 100 in
duplex auto
speed auto
!
interface Serial0/0/0
description Connection to 1841B s0/0/0
ip address 192.168.2.2 255.255.255.0
no fair-queue
!
router rip
version 2
redistribute static
network 192.168.0.0
network 192.168.2.0
network 192.168.3.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.3.1
!
!
access-list 100 permit tcp 68.171.0.0 0.0.255.255 host 192.168.0.2 eq 22
!
!
control-plane
!
banner motd ^CC
*******************
Do Not Log In!!!
*******************
^C
!
line con 0
exec-timeout 0 0
password 7 ****
logging synchronous
login local
line aux 0
line vty 0 4
access-class 1 in
privilege level 15
password 7 ****
logging synchronous
login local
transport input telnet ssh
line vty 5 807
access-class 1 in
privilege level 15
password 7 151B0A02
logging synchronous
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end

everything seems to be configured but i still get a Timed Out error when trying to remotely connect. i setup port forwarding from my router to port 22 from any ip address and my phone has a public ip address.........

still having a few slight problems....

here is my access-list that i configured:

[...]
access-list 100 permit tcp 68.171.0.0 0.0.255.255 host 192.168.0.2 eq 22
[...]

everything seems to be configured but i still get a Timed Out error when trying to remotely connect. i setup port forwarding from my router to port 22 from any ip address and my phone has a public ip address.........

Hello,
are you sure that you phone uses a 68.171.x.y address? On the other hand, if the problem is the access-list you wouldn't get a timeout.

Maybe you can setup the following access-list:


access-list 100 permit tcp 68.171.0.0 0.0.255.255 host 192.168.0.2 eq 22 log
access-list 100 deny tcp any any log


With this change you should see if you phone reaches the 1841 router or not. If you see log entries, fine. If not the problem is not on the 1841.
Bye, Tore

Hello,
are you sure that you phone uses a 68.171.x.y address? On the other hand, if the problem is the access-list you wouldn't get a timeout.

Maybe you can setup the following access-list:


access-list 100 permit tcp 68.171.0.0 0.0.255.255 host 192.168.0.2 eq 22 log
access-list 100 deny tcp any any log


With this change you should see if you phone reaches the 1841 router or not. If you see log entries, fine. If not the problem is not on the 1841.
Bye, Tore


i changed my ACL to
access-list 100 permit tcp any eq 22 host 192.168.0.2 eq 22

but your right i dont see any hits to my ACL so i think your right it may be my smc router. i'll try the above ACL instead. i called my isp and they dont block port 22 they said.

my provider added a public ip onto my billing account and whatismyip.com shows the above public ip address.... but i think your right.... i may have to investigate my smc router....... thanks!!! i'll keep at it!!!